diff --git a/_test/tests/inc/remoteapicore_aclcheck.test.php b/_test/tests/inc/remoteapicore_aclcheck.test.php
new file mode 100644
index 0000000000000000000000000000000000000000..25aff331f5ed26f451495dba543b9aa96dd84baa
--- /dev/null
+++ b/_test/tests/inc/remoteapicore_aclcheck.test.php
@@ -0,0 +1,141 @@
+<?php
+
+/**
+ * Class remoteapicore_test
+ */
+class remoteapicore_aclcheck_test extends DokuWikiTest {
+
+ protected $userinfo;
+ protected $oldAuthAcl;
+ /** @var RemoteAPI */
+ protected $remote;
+
+ protected $pluginsEnabled = array('auth_plugin_authplain');
+
+ protected function reloadUsers() {
+ global $auth;
+
+ /* auth caches data loaded from file, but recreated object forces reload */
+ $auth = new auth_plugin_authplain();
+ }
+
+ public function setUp() {
+ global $config_cascade;
+ global $conf;
+ global $USERINFO;
+ global $AUTH_ACL;
+
+ parent::setUp();
+
+ $name = $config_cascade['plainauth.users']['default'];
+ copy($name, $name . ".orig");
+ $this->reloadUsers();
+
+ $this->oldAuthAcl = $AUTH_ACL;
+ $this->userinfo = $USERINFO;
+
+ $conf['remote'] = 1;
+ $conf['remoteuser'] = '@user';
+ $conf['useacl'] = 0;
+
+ $this->remote = new RemoteAPI();
+
+ }
+
+ public function tearDown() {
+ global $USERINFO;
+ global $AUTH_ACL;
+ global $config_cascade;
+
+ parent::tearDown();
+
+ $USERINFO = $this->userinfo;
+ $AUTH_ACL = $this->oldAuthAcl;
+
+ $name = $config_cascade['plainauth.users']['default'];
+ copy($name . ".orig", $name);
+ }
+
+ public function test_checkacl() {
+ global $conf;
+ global $AUTH_ACL, $USERINFO;
+ /** @var auth_plugin_authplain $auth */
+ global $auth;
+
+ $conf['useacl'] = 1;
+ $_SERVER['REMOTE_USER'] = 'john';
+ $USERINFO['grps'] = array('user');
+ $AUTH_ACL = array(
+ '* @ALL 0', //none
+ '* @user 2', //edit
+ '* @more 4', //create
+ 'nice_page user2 8' //upload
+ );
+
+ $params = array('nice_page');
+ $this->assertEquals(AUTH_EDIT, $this->remote->call('wiki.aclCheck', $params));
+
+ $auth->createUser("user1", "54321", "a User", "you@example.com");
+ $auth->createUser("user2", "543210", "You", "he@example.com");
+ $auth->createUser("mwuser", "12345", "Wiki User", "me@example.com", array('more')); //not in default group
+
+ $params = array(
+ 'nice_page',
+ 'user1'
+ );
+ $this->assertEquals(AUTH_EDIT, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'mwuser' // member of group 'more'
+ );
+ $this->assertEquals(AUTH_CREATE, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'mwuser',
+ array() //groups not retrieved
+ );
+ $this->assertEquals(AUTH_NONE, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'notexistinguser',
+ array('more')
+ );
+ $this->assertEquals(AUTH_CREATE, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'user2'
+ );
+ $this->assertEquals(AUTH_UPLOAD, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'user2',
+ array() //groups not retrieved
+ );
+ $this->assertEquals(AUTH_UPLOAD, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'unknown_page',
+ 'user2'
+ );
+ $this->assertEquals(AUTH_EDIT, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'unknown_page',
+ 'user2',
+ array() //groups not retrieved
+ );
+ $this->assertEquals(AUTH_NONE, $this->remote->call('wiki.aclCheck', $params));
+
+ $params = array(
+ 'nice_page',
+ 'testuser' // superuser set via conf
+ );
+ $this->assertEquals(AUTH_ADMIN, $this->remote->call('wiki.aclCheck', $params));
+ }
+
+}
diff --git a/inc/RemoteAPICore.php b/inc/RemoteAPICore.php
index df71cce0587ce02b54367c4189b9ab8970acc769..407e63185b3ec519abcf00a6f5e23023701ca3d2 100644
--- a/inc/RemoteAPICore.php
+++ b/inc/RemoteAPICore.php
@@ -133,7 +133,7 @@ class RemoteAPICore {
 'return' => 'array',
 'Returns a struct about all recent media changes since given timestamp.'
 ), 'wiki.aclCheck' => array(
- 'args' => array('string, string, array'),
+ 'args' => array('string', 'string', 'array'),
 'return' => 'int',
 'doc' => 'Returns the permissions of a given wiki page. By default, for current user/groups'
 ), 'wiki.putAttachment' => array(
@@ -607,15 +607,26 @@ class RemoteAPICore {
 * Returns the permissions of a given wiki page for the current user or another user
 *
 * @param string $id page id
- * @param string $user username/group
+ * @param string|null $user username
+ * @param array|null $groups array of groups
 * @return int permission level
 */
- public function aclCheck($id, $user=null, $groups=null) {
+ public function aclCheck($id, $user = null, $groups = null) {
+ /** @var DokuWiki_Auth_Plugin $auth */
+ global $auth;
+
 $id = $this->resolvePageId($id);
- $perms_current_user = auth_quickaclcheck($id);
- if ($user === null){
- return $perms_current_user;
+ if($user === null) {
+ return auth_quickaclcheck($id);
 } else {
+ if($groups === null) {
+ $userinfo = $auth->getUserData($user);
+ if($userinfo === false) {
+ $groups = array();
+ } else {
+ $groups = $userinfo['grps'];
+ }
+ }
 return auth_aclcheck($id, $user, $groups);
 }
 }
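Review bot: In `_test/tests/inc/remoteapicore_aclcheck.test.php`, `test_checkacl()` sets `$_SERVER['REMOTE_USER'] = 'john'` but `tearDown()` restores only `$USERINFO`, `$AUTH_ACL` and the users file, so the faked login identity can carry over into later tests unless the base class resets it (not visible here). Save the previous value in `setUp()` and put it back in `tearDown()`, e.g. `$_SERVER['REMOTE_USER'] = $this->oldRemoteUser;`. The `.orig` backup is never deleted and neither `copy()` result is checked, so a failed backup would leave the users created by this test in the shared fixture without any signal. The class docblock still reads `Class remoteapicore_test` and should name `remoteapicore_aclcheck_test`.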
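Review bot: In `aclCheck()` in `inc/RemoteAPICore.php`, the new `$auth->getUserData($user)` call dereferences the global `$auth` without checking it, so a `wiki.aclCheck` request that names a user would fatal if no auth backend is loaded (I believe that is the case when `useacl` is off; confirm against `auth_setup()`). Guard the lookup with `$userinfo = $auth ? $auth->getUserData($user) : false;` and read the groups defensively with `$groups = isset($userinfo['grps']) ? $userinfo['grps'] : array();`, which also replaces the inner if/else. No test covers this path, because `setUp()`'s `useacl = 0` is flipped to 1 before the only calls. Separately, with the group lookup any caller admitted by `remoteuser` can read another account's effective permission on a page, including `AUTH_ADMIN` for a superuser as the new test asserts; consider restricting the `$user`/`$groups` form to managers or admins, or state that disclosure in the method's `doc` string. The docblock should also say that `$groups === null` triggers a backend lookup while an explicit empty array suppresses it.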